General

  • Target

    tmp

  • Size

    97KB

  • Sample

    230309-wmp26ahe53

  • MD5

    95e03ae51a6671e98b8461dc1ad766eb

  • SHA1

    3968a825dbda1b2998f89018c163a5e16fbdc3f3

  • SHA256

    23f70436d5d45e4abfd9763a73a43637a51192bb1ad95df790b6ebb3dd4060d1

  • SHA512

    bd12655eb446251a76ddf49a68efadaa30f13cf905323dac0992a652679e745cad881e72df95b63c26b833cf2c5a7c51f8aa10da90291843a24a9b4180e4da26

  • SSDEEP

    1536:fEzhNlLbVUKs23ZS0M5Gw/B4dIR/2rS4eCurntMJI8MY4:8z5LbVUz2RM5GfrS4eC6teIHB

Malware Config

Extracted

Family

redline

Botnet

MIX-3

C2

167.235.133.96:43849

Attributes
  • auth_value

    5809bfc38a41ac4369f75ca7762ad9c9
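
The extracted configuration above gives two things a defender can act on immediately: the C2 socket (167.235.133.96:43849) and the file hashes. The following is an added example, not part of the tria.ge report, showing how to turn those indicators into a check. The hashes and C2 are copied from the report; the firewall log lines and the file bytes are constructed here and are not real data. The key=value log format is an assumption chosen for the example.

```python
"""IOC matching for the RedLine sample above: C2 and hashes from the report,
run over constructed sample firewall log lines and a constructed byte blob."""
import hashlib
import re
from dataclasses import dataclass

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "95e03ae51a6671e98b8461dc1ad766eb",
    "sha1": "3968a825dbda1b2998f89018c163a5e16fbdc3f3",
    "sha256": "23f70436d5d45e4abfd9763a73a43637a51192bb1ad95df790b6ebb3dd4060d1",
}
C2_HOST, C2_PORT = "167.235.133.96", 43849

# Constructed log lines in an assumed key=value firewall format (not real traffic).
SAMPLE_LOGS = """\
ts=2023-03-09T17:01:02Z src=10.0.0.15 dst=167.235.133.96 dport=43849 proto=tcp action=allow
ts=2023-03-09T17:01:05Z src=10.0.0.15 dst=142.250.74.78 dport=443 proto=tcp action=allow
ts=2023-03-09T17:02:11Z src=10.0.0.22 dst=167.235.133.96 dport=80 proto=tcp action=allow
ts=2023-03-09T17:03:40Z src=10.0.0.31 dst=167.235.133.96 dport=43849 proto=tcp action=deny
"""

LOG_RE = re.compile(r"ts=(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


@dataclass(frozen=True)
class C2Hit:
    ts: str
    src: str
    dst: str
    dport: int
    exact: bool  # True when both the IP and the port match the extracted C2


def find_c2_hits(log_text: str) -> list[C2Hit]:
    """Return every line whose destination is the C2 host.

    Lines on the configured port are flagged exact; other ports on the same
    host are kept as lower-confidence hits worth reviewing rather than dropped.
    Denied connections are kept too: a blocked beacon still identifies an
    infected source host."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or m["dst"] != C2_HOST:
            continue
        dport = int(m["dport"])
        hits.append(C2Hit(m["ts"], m["src"], m["dst"], dport, dport == C2_PORT))
    return hits


def hash_blob(data: bytes) -> dict[str, str]:
    """Compute the three digests used in the report for an in-memory file."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def matches_ioc(data: bytes) -> dict[str, bool]:
    """Compare each digest separately, so a typo in one hash of an IOC feed
    neither silently passes nor silently fails the whole check."""
    got = hash_blob(data)
    return {name: got[name] == IOC_HASHES[name] for name in IOC_HASHES}


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOGS):
        label = "C2" if hit.exact else "host-only"
        print(f"{label}: {hit.src} -> {hit.dst}:{hit.dport} at {hit.ts}")
    # Constructed placeholder bytes, not the sample; a real check reads the file.
    print(matches_ioc(b"not the sample"))
```

In the constructed logs the script reports two exact C2 connections (one allowed, one denied) and one host-only hit on port 80; the hash comparison on the placeholder bytes returns False for all three algorithms, as expected.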

Targets


    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing (refusing to run in certain countries).

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data such as saved credentials, cookies and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process (typically one created suspended) is a common step in process hollowing and similar injection techniques, where it redirects execution to attacker-controlled code.

MITRE ATT&CK Enterprise v6

Tasks